Broken gl-container-scanning-report.json causes 500 error on Pipeline Security tab
Summary
Broken gl-container-scanning-report.json causes 500 error on Pipeline Security tab.
Steps to reproduce
- Copy gl-container-scanning-report.json and set it to artifacts.reports.container_scanning in .gitlab-ci.yml for GitLab CI
- Run a pipeline
- See Security tab of the Pipeline
Similar procedure: #35569 (comment 271579618)
Example Project
- https://gitlab.com/tnir/trivy-ci-test (security dashboard for limited persons)
What is the current bug behavior?
Pipeline Security tab shows an error in in-page AJAX: Error fetching the vulnerability list. Please check your network connection and try again.
What is the expected correct behavior?
Pipeline Security tab does show a 500 error in in-page AJAX but shows a user-friendly error message so users can understand that the gl-container-scanning-report.json is broken.
Relevant logs and/or screenshots
Output of checks
This bug happens on GitLab.com (EE 12.7.0-pre f083bd5e).
Possible fixes
Like #207107 (closed), JSON validation is required when or after gl-container-scanning-report.json is uploaded on CI. Also, the error message should be clearer.
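A sketch of the validation suggested under "Possible fixes", added here as an example; it is not GitLab's code and not part of the original issue. The function name, the result struct and the assumed minimal shape (a top-level object with a `vulnerabilities` array) are hypothetical. The point is that every malformed input maps to a message a user can act on instead of an unhandled exception.

```ruby
require "json"

# Hypothetical result type: a parsed report, or a message safe to show in the UI.
ReportResult = Struct.new(:ok, :report, :error)

def invalid(message)
  ReportResult.new(false, nil, message)
end

# Hypothetical validator, run when the artifact is ingested.
# Assumption: a usable report is a JSON object whose "vulnerabilities"
# field is an array of objects. The real schema has more fields.
def validate_container_scanning_report(raw)
  return invalid("Report is empty") if raw.nil?
  # String methods such as strip raise on invalid byte sequences, so check first.
  return invalid("Report is not valid UTF-8") unless raw.valid_encoding?
  return invalid("Report is empty") if raw.strip.empty?

  begin
    data = JSON.parse(raw)
  rescue JSON::ParserError
    # Covers truncated files, trailing garbage and excessive nesting.
    return invalid("Report is not valid JSON")
  end

  return invalid("Report must be a JSON object") unless data.is_a?(Hash)

  vulns = data["vulnerabilities"]
  return invalid("Report field 'vulnerabilities' must be an array") unless vulns.is_a?(Array)

  bad = vulns.index { |v| !v.is_a?(Hash) }
  return invalid("vulnerabilities[#{bad}] must be an object") if bad

  ReportResult.new(true, data, nil)
end

# Constructed sample inputs, not taken from the issue's project.
SAMPLES = {
  "well-formed" => '{"vulnerabilities": []}',
  "truncated"   => '{"vulnerabilities": [',
  "wrong type"  => '{"vulnerabilities": {}}'
}.freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |name, raw|
    result = validate_container_scanning_report(raw)
    puts "#{name}: #{result.ok ? 'accepted' : result.error}"
  end
end
```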
